Steel Giant Nucor Suffers Cyberattack, IT Systems Breached

Nucor Corporation, the largest steel producer and recycler in North America, has confirmed it suffered a significant cybersecurity breach that disrupted operations across multiple facilities and led to the theft of limited company data.

The incident, first disclosed in a regulatory filing in mid-May, marks one of the most impactful cyberattacks on the U.S. manufacturing sector this year.

Immediate Response and Operational Impact

The breach, detected in early May, involved unauthorized access to Nucor’s information technology (IT) systems.

In response, the company enacted its incident response plan, taking potentially affected systems offline and temporarily halting production at several locations as a precautionary measure. 

The shutdown affected parts of Nucor’s vast network, which includes approximately 300 sites across the U.S., Mexico, and Canada, and employs over 32,000 people.

Production disruptions were significant, with the company proactively pausing operations to contain the threat and protect its digital infrastructure.

While Nucor has not specified which facilities were impacted or the precise nature of the attack, the event underscores the growing vulnerability of industrial supply chains to cyber threats.

In an update filed with the Securities and Exchange Commission (SEC), Nucor confirmed that the threat actor responsible for the breach managed to exfiltrate “limited data” from its IT systems.

The company is currently reviewing the impacted data and will notify affected parties and regulatory agencies as required by law.

Nucor has engaged leading external cybersecurity experts and notified federal law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), to assist with the investigation and remediation efforts. 

The company reports that all affected IT applications and production operations have now been restored, and it believes the attacker no longer has access to its systems.

Despite the disruption, Nucor maintains that the incident has not had, and is not expected to have, a material impact on its financial condition or operating results. 

The company has reinforced its IT defenses and continues to monitor for any residual risks. However, it acknowledges ongoing uncertainties, including potential regulatory scrutiny, litigation, and reputational effects.

Nucor’s experience highlights the escalating risks facing critical infrastructure sectors as cyberattacks become more sophisticated.

The company’s swift response and transparent communication have been praised by industry observers, but the event serves as a stark reminder of the persistent threats to industrial operations in an increasingly digital world.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates